In this case, U.S. magistrate judge James Francis IV decided that pursuant to the Stored Communication Act, Microsoft must provide law enforcement officials with the contents of an Irish customer’s email, which is stored on servers located in Dublin, Ireland. Microsoft and its peers argue the warrant defies both the Stored Communications Act and numerous international law constructs, including treaties the United States has in place with other countries — Ireland among them — regarding how to handle requests for data about each others’ citizens.

Advertisement

Francis based his decision in part on a rather questionable determination of how data is actually seized from servers and searched:

[I]n the context of digital information, “a search occurs when information from or about the data is exposed to possible human observation, such as when it appears on a screen, rather than when it is copied by the hard drive or processed by the computer.”

Based on this line of reasoning, the tech companies argue, no customer data stored by any service provider anywhere in the world would be safe from local governments so long as the provider could access that server. If individual countries’ laws about data protection don’t apply, nor do treaties or other principles of international law, the very idea of a global computer network is an open invitation for governments to demand that companies with any presence within their countries turn over customer data regardless where those customers or their data are located .

Verizon, in its brief, makes a valid argument against what it calls the judges “novel proposition”:

“[E]ven if the emails would be “searched” only when they are read by law enforcement, the computer on which the emails are stored would be searched when someone tried to find them. In this case, that computer is in Ireland. … Additionally, those emails or the computer they are stored on, or both, would be seized when the original emails were copied. … A search and a seizure thus would necessarily take place in Ireland.”

Because the Stored Communication Act (which was passed in 1986) does not include any suggestion that it applies to the search and seizure of data stored outside the United States, they contend, Microsoft cannot be compelled to turn over the emails of an Irish customer whose emails are stored on Irish servers.

A broader issue for big business

Despite its publicity, though, this latest appeal by Microsoft is just the latest strike in a years-long quest to rework U.S. and international data-protection laws to reflect the realities of cloud computing and globalization. Even before Edward Snowden leaked information about National Security Agency spying, Microsoft and its cloud peers were lobbying Congress to amend the Stored Communications Act (and its parent bill, the Electronic Privacy Communications Act) and the PATRIOT Act in the name of business.

There is no love lost between Apple and Microsoft, Verizon and AT&T, or the Electronic Frontier Foundation (which also filed an amicus brief in the Microsoft case) and any of these companies, but they’re all able to see eye to eye on the issue of data-protection laws that are bad for individual privacy and, therefore, bad for business.

It isn’t as if any rational person still believes the USA is a free country.Â

Think about it.Â No-warrant wire taps, indefinite detention of citizens without charges, approval of rendition of prisoners and torture, stop and frisk without probable cause, search and seizure without a warrant, no-knock entry, confiscation and destruction of cameras that might have been used to film police acting illegally, police brutality, police shootings that go withoutÂ investigation, managed news, and the civil-rights destroying “Patriot” Act.

Acts of police behaving illegally, with shootings, Tasers, and unwarranted violence now appear almost daily.Â Rarely are these offenses punished.Â Most often “an investigation” is claimed, but soon forgotten.

â€¨â€¨In addition, the USA, with 5% of the world population, has 25% of all of the prisoners in the world.Â That means the USA has the most people in prison of any nation in history.Â Even by percentage of residents incarcerated, not just sheer numbers, USA is # 1â€¨â€¨

Does any of that sound like a free country?

As Dwight D. Eisenhower said about communism, “It’s like slicing sausage.Â First they out off a small slice.Â That isn’t worth fighting over.Â Then they take another small slice that isn’t worth fighting over.Â Then another and another.Â Finally, all you have left is the string and that isn’t worth fighting over, either.

It seems there’s more than one way to fend off the government invasion of privacy.

1) Similar to the warrant canary, the Googles, Microsofts, Verizons of the world could leave a note on something you see prominently at login “No government agency, court, or law enforcement entity as requested access to your data as of [date].”

2) Spread the data across multiple geo-political regions. Like a RAID 5 array, but at the higher level of data itself… not necessarily blocks on disk. You want the data in Ireland? Sure. But without the data in Iceland, Qatar, and Brazil, you won’t be able to do anything meaningful with it.

3) Watch out because the government could request to seize backups, and then would have everything, including out of scope data from their request.

> In this case, U.S. magistrate judge James Francis IV decided that
> pursuant to the Stored Communication Act, Microsoft must provide
> law enforcement officials with the contents of an Irish customerâ€™s
> email, which is stored on servers located in Dublin, Ireland.

Is the judge in the case able to make a request to Microsoft because Microsoft is a U.S. based company? What if the mail server of interest was owned by a company based in a different country (i.e., Ireland) with servers operating in U.S. territory (i.e., Texas)? Would it matter if said servers in i.e. Texas were owned by the Irish company? What if the Irish company did not own these servers but instead leased them from a data center provider who ultimately owns / operates the servers, and what if the data center provider is a U.S. based company? Would the judge cite the same Stored Communication Act to force an Irish company to provide U.S. law enforcement officials with the contents of the server operating on U.S. soil? Such as scenario would be different compared to Lavabit (whereby Lavabit was a U.S. based company running servers on U.S. soil). Alas the cloud opens up more legal permutations. Sigh.

A court needs some jurisdiction over a company in order to demand it hand over data. It seems (although, admittedly I need to brush up on the law) that servers based in the U.S. would be reachable pretty easy by demanding the data center owner provide access.